BCS Data Protection Foundation Syllabus
Learning Outcomes
Candidates will be able to demonstrate knowledge and understanding of:
- Key provisions of Data.
- The History of Data Protection in the U.K.
- Principles of Data Protection and Applicable Terminology.
- Lawful bases for processing of Personal Data.
- Governance and Accountability of Data Protection within organisations.
- Data Subject Rights.
- Independent Supervisory Authority (ICO).
- Breaches, Enforcement and Liability.
- Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003.
BCS Data Protection Foundation course outline
An Introduction to the History of Data Protection in the U.K. (5%)
- Demonstrate an awareness of personal data rights in the EU and the UK.
- Background to the Rights to Protect Personal Data in the EU and the U.K.
- The Privacy and Electronic Communications (EC Directive) Regulations 2003 (Sections 5-26).
- UK Data Protection Act 2018, Part 2, Chapters 1 to 3, Part 5 & 6.
Principles of Data Protection and Applicable Terminology (15%)
- Define the following key items of terminology.
- Personal data and Special category personal data.
- Criminal Offence Data.
Lawful bases for processing of Personal Data (12.5%)
- Explain the lawful basis to process Personal Data listed under (Article 6) of the GDPR and as displayed below.
- Describe the conditions for processing special category data and the exemptions (Article 9).
Governance and Accountability of Data Protection within organisations (20%)
- Identify the accountability obligations.
- Describe the purpose of a Data Protection Impact Assessment (DPIA).
- Explain the process of conducting a DPIA.
- Identify the importance of keeping a record of processing activity.
- Outline the interplay with privacy notices.
- Demonstrate how to adopt a data protection by design and by default approach.
- Identify suitable information security measures.
- Explain the designation, position, and tasks of the Data Protection Officer (DPO).
Interaction between Controller and Processor (7.5%)
- Identify the following controller and processor obligations.
- Controller obligations.
- Joint controllers.
- Processor obligations.
- Processing under the authority of a Controller or Processor.
Transfers of personal data to third countries or international organisations (5%)
- Recognise the general principles for transferring personal data to third countries.
Data Subject Rights (12.5%)
- Define restrictions that may affect data subject rights.
Independent Supervisory Authority (ICO) (10%)
- Explain the role of the ICO.
- Investigation and correction.
- Enforcement of regulations.
- As a body that creates guidance and codes of practice.
- In co-operation with other supervisory authorities.
- Driving forward good privacy practice in their own jurisdictions and also internationally.
Breaches, Enforcement and Liability (10%)
- Data subject.
- Identify the sanctions that could be imposed as a result of a personal data breach or data protection complaint.
- Information notices and assessment notices.
- Undertakings.
- Enforcement notices.
- Administrative fines and their levels.
- Data protection audits by the supervisory authority.
- Awareness of the existence of criminal liability regarding breaches under the Data Protection Act 2018 and the Computer Misuse Act.
Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003 (2.5%)
- Identify the relationship between the PECR and the GDPR, including the PECR’s.
BCS Data Protection Foundation Exam Details
Type - Multiple-choice.
Number of questions - 40.
Duration - 60 minutes.
Supervised - Yes.
Open book - No.
Pass mark - 26/40 (65%).